Shibboleth Developers

["Josh Howlett" <>]

> > > - Client transport authentication to SOAP endpoints
> > 
> > I would be grateful if you could expand on what you mean by 
> this (or 
> > alternatively point me to the relevant docs, I wasn't able 
> to find any 
> > yet...).
> 
> https://spaces.internet2.edu/display/SHIB2/NativeSPRelyingParty
> 
> I don't know that it's going to help much

Yes - that was what I thought you meant, but it was such a surprising
feature that I thought I had best double check!

> http://curl.haxx.se/docs/manpage.html
> 
> I saw no reason not to just permit whatever libcurl allowed, 
> it wasn't hard to expose. Now that I'm looking at the docs, I 
> think I can fix the gss option to omit username/password. It 
> doesn't need a real value for that.

(FWIW there was a bug in libcurl that tripped me up (some time ago) that
required a username (anything) to be set before it would do anything
with GSS. It didn't use the username for anything,it just insisted on a
value. I have no idea if this has been fixed)

The addition of GSS is really interesting. You could do some crazy
things with this.

Does the IdP do any of this (ie. using the Java binding to libcurl, or
does it use JAAS)? I'm still trying to understand the new architecture,
although the new docs for Shib 2.0 are *very* good. 

Thanks, josh.

JANET(UK) is a trading name of The JNT Association, a company limited
by guarantee which is registered in England under No. 2881024 
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Science and Innovation Campus, Didcot, Oxfordshire. OX11 0SG